File name: usec_sa_asp_detail.html
Audit service provider settings
Use this
page to define the implementation details of the
audit service provider. There are three types of audit service providers:
binary file-based, third party and SMF.
To view this administrative
console page, click one of the following
paths:
Name
Specifies the unique name associated
with the audit service
provider.
Third party emitter class
name
Specifies the name of the class for this implementation.
This field is only present for Third party emitter implementations.
Audit
file location
Specifies the path to the binary log
file.
Audit file size
Specifies the maximum size of a single binary log file.
This value is defined in megabytes.
Maximum number
of audit log files
Specifies the maximum number
of binary log files to create
before the oldest is replaced.
Note: The maximum
number of logs does not include the current binary
log that is being written to. It is a reference to the maximum number
of archived (timestamped) logs. The total number of binary logs that
can exist for a server process is the maximum number of archived logs
plus the current log.
Audit log wrapping
Specifies the wrapping behavior of the binary audit log
when the maximum number of binary audit log files is reached.
New feature: In this
release
of
WebSphere® Application Server, there
are new customizable options available when specifying the default
audit log wrapping behavior. This is only applicable to the Binary
Audit Log implementation.
Choose from one of the following options:
- WRAP
- If you select this option, when the maximum
audit logs are reached,
the oldest audit log is rewritten; notification is not sent to the
auditor. This is the default option, and mimics the default behavior
in WebSphere Application Server Version
7.0.
- NOWRAP
- This option does not
rewrite over the oldest audit log. It stops
the audit service, sends a notification to the SystemOut.log,
and quiesces the application server.
- SILENT_FAIL
- This option does not rewrite over the oldest audit log. It also
stops the audit service, but does allow the WebSphere process to continue.
Notifications are not posted in the SystemOut.log.
Note: If
audit notification of failures in the audit subsystem is configured,
and SILENT_FAIL is selected, the auditor is not notified of the audit
subsystem failure. The SILENT_FAIL option takes precedence
Note: If you use the NOWRAP or SILENT_FAIL options,
when the server is stopped as a result of the logs being maxed-out,
a stopserver is performed, or because the server abends in some way,
you must archive the binary audit logs before you restart the server.
newfeat
New feature: This topic
references one or more of the application server log files. Beginning
in WebSphere Application Server Version 8.0 you can configure the
server to use the High Performance Extensible Logging (HPEL) log and
trace infrastructure instead of using
SystemOut.log ,
SystemErr.log,
trace.log,
and
activity.log files or native z/OS logging
facilities. If you are using HPEL, you can access all of your log
and trace information using the LogViewer command-line tool from your
server profile bin directory. See the information about using HPEL
to troubleshoot applications for more information on using HPEL.
newfeat
Event formatting
module class name
Specifies a class used to format
the generic event into
a format that is specific to the audit service provider implementation.
For example, a third party audit service provider implementation might
have an event formatting class that takes the generic event and translates
it into XML data.
Selectable filters
Specifies the available event filters. To enable a filter
for an implementation, select the filter from the Selectable event
filters list and then click >.
Enabled filters
Specifies the event filters
that are currently enabled
for an implementation. To disable a filter for an implementation,
select the filter from the Enabled filters list and then click <.
Custom
properties
Specifies any custom properties that
might be used to add
properties to a third party implementation. Custom properties are
not available for binary file-based implementations or SMF implementations.
|
